Mitnick Security Blog - Cybersecurity News and Articles

Pivoting in Cyber Security

Written by Mitnick Security | Mar 14, 2023 12:56:37 PM

Data breaches in 2022 were abundant and sophisticated. Realistically, it’s expected that this year we will continue to see threat actors test their limits and find new ways to infiltrate cybersecurity defenses and steal or exploit private data — potentially costing organizations billions of dollars in damages. But how do threat actors do it? Pivoting is the name of the technique that many threat actors would consider their number one weapon. 

However, penetration testers can fight fire with fire by using pivoting in penetration tests so you know what the weaknesses are and how to repel threat actors effectively. Here, we’ll discuss what pivoting is in a cyber security attack, and how penetration testers use this technique so you can protect your organization.

 

How Is Pivoting in Cyber Security Dangerous to Your Organization?

Pivoting is an integral part of a red hat hacker’s arsenal of tactics that can be used during cyber attacks — such as an advanced persistent threat (APT) attack — to the detriment of your organization.  

Advanced Persistent Threat Attacks

An APT attack is a long-game cyber attack in which a threat actor uses numerous methods to remain undetected and achieve an ultimate goal — such as corrupting the internal infrastructure of an organization's systems in order to hold it for ransom. Advanced persistent threat attack prevention is possible, but there is no guarantee that a threat actor won’t find their way in despite your best efforts. In this case, it’s ideal to make sure that the threat actor is not able to use pivoting as a part of their strategy.

Pivoting in APT Attacks

In cyber security, pivoting is a technique in which an attacker moves from one compromised system to the next. Sometimes, this happens within the same organization. For example, a threat actor could gain unauthorized access to an organization’s network and then “pivot” to another endpoint to expand their foothold. This could be done by escalating compromised privileges to gain access to an admin account on a different internal application.

However, threat actors could also use pivoting to attack an organization by using the exploited assets of a different organization. Since pivoting is more of a concept than an actual tool, it's a key component of many types of attacks. Keep in mind, awareness of how threat actors carry out their despicable plans is the first key to repelling their attacks.
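To make the system-to-system movement described above concrete from a defender's side, here is an added example (not part of the original article) that looks for hop chains in internal login records, where the destination of one login becomes the source of the next shortly afterwards. The event format, host names, account names and the 15-minute window are assumptions made up for the illustration.

```python
from datetime import datetime, timedelta

# Constructed sample of internal login events:
# (timestamp, account, source host, destination host). All values are made up.
SAMPLE_EVENTS = [
    ("2023-03-14T09:00:00", "alice", "ws-014", "file-01"),
    ("2023-03-14T09:05:00", "bob", "ws-022", "app-03"),
    ("2023-03-14T09:07:00", "svc-admin", "app-03", "db-01"),
    ("2023-03-14T09:09:00", "svc-admin", "db-01", "dc-01"),
    ("2023-03-14T13:00:00", "carol", "file-01", "print-01"),
]


def find_pivot_chains(events, window=timedelta(minutes=15), min_hops=2):
    """Return login chains where each hop starts from the host the previous
    hop landed on, within `window` of that previous login.

    Simplification (assumption): a chain follows one path only, so a host
    that fans out to several targets continues just the first branch.
    """
    parsed = sorted(
        (datetime.fromisoformat(ts), acct, src, dst)
        for ts, acct, src, dst in events
    )
    chains = []
    for ts, acct, src, dst in parsed:
        for chain in chains:
            continues_path = chain["hosts"][-1] == src
            recent = ts - chain["last_seen"] <= window
            if continues_path and recent and dst not in chain["hosts"]:
                chain["hosts"].append(dst)
                chain["accounts"].append(acct)
                chain["last_seen"] = ts
                break
        else:
            # No existing chain ends at this source host: start a new one.
            chains.append({"hosts": [src, dst], "accounts": [acct], "last_seen": ts})

    findings = []
    for chain in chains:
        if len(chain["hosts"]) - 1 >= min_hops:
            findings.append({
                "hosts": chain["hosts"],
                "accounts": chain["accounts"],
                # A change of account along the path suggests new credentials
                # were picked up on an intermediate host.
                "account_switch": len(set(chain["accounts"])) > 1,
            })
    return findings


if __name__ == "__main__":
    for finding in find_pivot_chains(SAMPLE_EVENTS):
        print(" -> ".join(finding["hosts"]), finding["accounts"])
```

Isolated logins, such as the two file-server events hours apart, are not reported. Only the path that keeps moving onward from each newly reached host is.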

 

Hardening Your Cyber Security Against Pivoting

Use Multi-Factor Authentication (MFA) 

Multi-factor authentication (MFA) is a protocol that requires more than one login credential to access an account. This log-in environment is safer than a single-sign-on method because even if a threat actor has one factor of authentication, they would be denied access if they don’t have a second factor.

Utilizing MFA across your organization helps limit the number of weak entry points that a threat actor could use to pivot from one compromised account, application, or system to another. If you offer remote work environments, it’s important to also utilize MFA for your remote workers.

Pair Vulnerability Assessments With Routine Vulnerability Scans

Network Security Assessment Software (NSAS) can be used to scan your network and systems for obvious vulnerabilities. These scans should be performed often as a part of your routine cybersecurity protocol. The issue with limiting your plan to only vulnerability scanning is that there may be false positives in the findings, the scan does not go beyond the surface to look for deeper threats, and you won’t have a cybersecurity professional’s opinion and advice for improving your organization’s security posture.

A vulnerability assessment involves a cybersecurity expert actively reviewing and evaluating the NSAS scan report to find weaknesses that the scan may have missed. Including vulnerability assessments in your cybersecurity budget can help you to find and eliminate potential entry points and other vulnerabilities that a threat actor could use to pivot their way to total control of your organization.

 

Pentesting and Why Pentesters Need To Pivot in Cybersecurity Engagements

Penetration testing is a simulated cyber attack on your organization — pentesters do what real threat actors do but without the damage. With a pentest, you’ll see the true strengths and vulnerabilities of your organization. However, a manual penetration test goes beyond finding the weak points. Pentesters can go a step further and see what a threat actor could accomplish after an initial foothold is established. This requires pentesters to use similar tools and techniques — including pivoting in cybersecurity engagements — so you get the full picture.

 

APT and Pivoting Prevention Start Here

When you speak with the pentesters during the pre-attack phase of a penetration test, you can communicate your desire to see how effective pivoting is for the pentesters during the simulated cyber attack on your organization. Different types of penetration tests can find vulnerabilities that would otherwise make it easier for a threat actor to jump from one compromised system or network to another.

Mitigating the risks to your organization can be straightforward with the right protocols in place. From assessing your current level of security to preventing pivoting in cyber security attacks in the future, discover how to avoid cyber threats.